Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
136s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
30/10/2022, 12:43
Static task
static1
Behavioral task
behavioral1
Sample
7a373ce8630144503badff342549f0aa9efc919a81d11613d504668e5fecbad2.exe
Resource
win7-20220812-en
General
-
Target
7a373ce8630144503badff342549f0aa9efc919a81d11613d504668e5fecbad2.exe
-
Size
95KB
-
MD5
a2ba9aac30028498cc33fb874ab8ba2e
-
SHA1
5ba172a029f34c68b4eb928c0ac4fd84ddd8b015
-
SHA256
7a373ce8630144503badff342549f0aa9efc919a81d11613d504668e5fecbad2
-
SHA512
7c4f112cb6737f666c0c3cfcd5aa9f00989644dbf4d565674bd98b216a8ffe5f492d433c9c18ba33007e973eb848d51c203cb714a7d6607de5568f73ca991a65
-
SSDEEP
768:e06R0UKzOgnKqGR7//GPc0LOBhvBrHks3IiyhDYQbGmxlNaM+WGa1wuxnzgOYw9Y:sR0vxn3Pc0LCH9MtbvabUDzJYWu3B
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 4624 WaterMark.exe -
resource yara_rule behavioral2/memory/4676-135-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/4676-136-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/4676-144-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/4624-147-0x0000000000400000-0x0000000000459000-memory.dmp upx behavioral2/memory/4624-148-0x0000000000400000-0x0000000000459000-memory.dmp upx behavioral2/memory/4624-149-0x0000000000400000-0x0000000000459000-memory.dmp upx behavioral2/memory/4624-150-0x0000000000400000-0x0000000000459000-memory.dmp upx behavioral2/memory/4624-155-0x0000000000400000-0x0000000000459000-memory.dmp upx behavioral2/memory/4624-154-0x0000000000400000-0x0000000000459000-memory.dmp upx behavioral2/memory/4624-156-0x0000000000400000-0x0000000000459000-memory.dmp upx behavioral2/memory/4624-153-0x0000000000400000-0x0000000000459000-memory.dmp upx behavioral2/memory/4624-157-0x0000000000400000-0x0000000000421000-memory.dmp upx -
Drops file in Program Files directory 3 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft\WaterMark.exe 7a373ce8630144503badff342549f0aa9efc919a81d11613d504668e5fecbad2.exe File opened for modification C:\Program Files (x86)\Microsoft\pxEF18.tmp 7a373ce8630144503badff342549f0aa9efc919a81d11613d504668e5fecbad2.exe File created C:\Program Files (x86)\Microsoft\WaterMark.exe 7a373ce8630144503badff342549f0aa9efc919a81d11613d504668e5fecbad2.exe -
Program crash 1 IoCs
pid pid_target Process procid_target 4180 4932 WerFault.exe 81 -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30993630" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3094114688" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3094114688" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30993630" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3094114688" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30993630" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3094114688" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "373954380" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30993630" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30993630" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E3719E5F-58D1-11ED-AECB-C2DBB15B3A76} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3142396478" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E371774F-58D1-11ED-AECB-C2DBB15B3A76} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30993630" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3142396478" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious behavior: EnumeratesProcesses 16 IoCs
pid Process 4624 WaterMark.exe 4624 WaterMark.exe 4624 WaterMark.exe 4624 WaterMark.exe 4624 WaterMark.exe 4624 WaterMark.exe 4624 WaterMark.exe 4624 WaterMark.exe 4624 WaterMark.exe 4624 WaterMark.exe 4624 WaterMark.exe 4624 WaterMark.exe 4624 WaterMark.exe 4624 WaterMark.exe 4624 WaterMark.exe 4624 WaterMark.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 4520 iexplore.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 4624 WaterMark.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 4520 iexplore.exe 3740 iexplore.exe -
Suspicious use of SetWindowsHookEx 10 IoCs
pid Process 4520 iexplore.exe 4520 iexplore.exe 3740 iexplore.exe 3740 iexplore.exe 260 IEXPLORE.EXE 100 IEXPLORE.EXE 260 IEXPLORE.EXE 100 IEXPLORE.EXE 260 IEXPLORE.EXE 260 IEXPLORE.EXE -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 4676 7a373ce8630144503badff342549f0aa9efc919a81d11613d504668e5fecbad2.exe 4624 WaterMark.exe -
Suspicious use of WriteProcessMemory 22 IoCs
description pid Process procid_target PID 4676 wrote to memory of 4624 4676 7a373ce8630144503badff342549f0aa9efc919a81d11613d504668e5fecbad2.exe 80 PID 4676 wrote to memory of 4624 4676 7a373ce8630144503badff342549f0aa9efc919a81d11613d504668e5fecbad2.exe 80 PID 4676 wrote to memory of 4624 4676 7a373ce8630144503badff342549f0aa9efc919a81d11613d504668e5fecbad2.exe 80 PID 4624 wrote to memory of 4932 4624 WaterMark.exe 81 PID 4624 wrote to memory of 4932 4624 WaterMark.exe 81 PID 4624 wrote to memory of 4932 4624 WaterMark.exe 81 PID 4624 wrote to memory of 4932 4624 WaterMark.exe 81 PID 4624 wrote to memory of 4932 4624 WaterMark.exe 81 PID 4624 wrote to memory of 4932 4624 WaterMark.exe 81 PID 4624 wrote to memory of 4932 4624 WaterMark.exe 81 PID 4624 wrote to memory of 4932 4624 WaterMark.exe 81 PID 4624 wrote to memory of 4932 4624 WaterMark.exe 81 PID 4624 wrote to memory of 4520 4624 WaterMark.exe 83 PID 4624 wrote to memory of 4520 4624 WaterMark.exe 83 PID 4624 wrote to memory of 3740 4624 WaterMark.exe 84 PID 4624 wrote to memory of 3740 4624 WaterMark.exe 84 PID 4520 wrote to memory of 260 4520 iexplore.exe 88 PID 4520 wrote to memory of 260 4520 iexplore.exe 88 PID 4520 wrote to memory of 260 4520 iexplore.exe 88 PID 3740 wrote to memory of 100 3740 iexplore.exe 87 PID 3740 wrote to memory of 100 3740 iexplore.exe 87 PID 3740 wrote to memory of 100 3740 iexplore.exe 87
Processes
-
C:\Users\Admin\AppData\Local\Temp\7a373ce8630144503badff342549f0aa9efc919a81d11613d504668e5fecbad2.exe"C:\Users\Admin\AppData\Local\Temp\7a373ce8630144503badff342549f0aa9efc919a81d11613d504668e5fecbad2.exe"1⤵
- Drops file in Program Files directory
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4676 -
C:\Program Files (x86)\Microsoft\WaterMark.exe"C:\Program Files (x86)\Microsoft\WaterMark.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4624 -
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe3⤵PID:4932
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 2124⤵
- Program crash
PID:4180
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4520 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4520 CREDAT:17410 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:260
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3740 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3740 CREDAT:17410 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:100
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4932 -ip 49321⤵PID:2304
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
95KB
MD5a2ba9aac30028498cc33fb874ab8ba2e
SHA15ba172a029f34c68b4eb928c0ac4fd84ddd8b015
SHA2567a373ce8630144503badff342549f0aa9efc919a81d11613d504668e5fecbad2
SHA5127c4f112cb6737f666c0c3cfcd5aa9f00989644dbf4d565674bd98b216a8ffe5f492d433c9c18ba33007e973eb848d51c203cb714a7d6607de5568f73ca991a65
-
Filesize
95KB
MD5a2ba9aac30028498cc33fb874ab8ba2e
SHA15ba172a029f34c68b4eb928c0ac4fd84ddd8b015
SHA2567a373ce8630144503badff342549f0aa9efc919a81d11613d504668e5fecbad2
SHA5127c4f112cb6737f666c0c3cfcd5aa9f00989644dbf4d565674bd98b216a8ffe5f492d433c9c18ba33007e973eb848d51c203cb714a7d6607de5568f73ca991a65
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD55ddb1febcd291eb59d3d67d24a05bfd0
SHA1fe957affe27cb991f332e7f5c86d3a15359bd3b9
SHA256ec45a385c906b3d925ebbe6532d10adec9a14c1733c756c64db5133bd9d88dcb
SHA51262d00893402fae125ae3428da2495b0eb864b125f975cd887f894f7298a4a86f361cf50aaa7c9b69f3dcb734a950c43472778ea4062b3146c3de5623d08dcd21
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD55ddb1febcd291eb59d3d67d24a05bfd0
SHA1fe957affe27cb991f332e7f5c86d3a15359bd3b9
SHA256ec45a385c906b3d925ebbe6532d10adec9a14c1733c756c64db5133bd9d88dcb
SHA51262d00893402fae125ae3428da2495b0eb864b125f975cd887f894f7298a4a86f361cf50aaa7c9b69f3dcb734a950c43472778ea4062b3146c3de5623d08dcd21
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize434B
MD55d1c64b49cdd2b34c17031d624d03719
SHA12f07e06ec560299276749cbb4f2ffe2c91bdc3db
SHA2561134d498779f8173a61ddc390dba42d0a2e2209a4372df0cc4b634e32e54b5bd
SHA512faffc12db912b83aa974d6f3f1b98b6b5778c2902505a17f0370056c7e3a001f95771c01dc131b6a663fccd0c59d5b35c36e19c9dc1eaad9263c4c34d8b8a789
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize434B
MD5c2c9c2819a2dcbbf8b027a2ea0f85e21
SHA19b3eac8b085a106d589ad50cf7850cd8e78f1343
SHA25634c194e82886d2584cd45a3bbdbb72a39df114b5df0ba9dea43c30a6913a792f
SHA512e60e7d545e4bcafc12f0a755d2a83cbe5b429e555d0bff9a20c2f390607326b28a736b89a9761d7e37b4dd28d19c0932a531ef956c663d65a5dee9795bc496ca
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E371774F-58D1-11ED-AECB-C2DBB15B3A76}.dat
Filesize3KB
MD57418490eec235f25366b811d19769fc4
SHA1056da5b3901acae768f50ba7a3adb846d328082c
SHA2568039130c65801bf531bf690af67526af11eaefbf8e84010cfb114113348bab23
SHA51211c16a89da4fa382191139b9c35143d1d94f93cf51e68f586cbdc1d40da134b16266f8d4fd5cc3bbd8a5c0331ac9ee97e61f54111200cf8869aac77080a34f4d
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E3719E5F-58D1-11ED-AECB-C2DBB15B3A76}.dat
Filesize5KB
MD500afea85dc072836af9beccb4ebbd1c6
SHA1ccef4ccdd71ae0346ce5ccb7f57b1776eb9b7e82
SHA256e8762c06006a5206f706043d374b032a719dd8d9251630bf5c18f69b0174dc97
SHA51263c89faf69c9eece10158befac51107afb303ee27de7832df578548c98f7981298fbd76d11f483639b9a9624c76d10a047fed45390ea25b89166de3de7073e3f